django-restit 4.2.71__py3-none-any.whl → 4.2.73__py3-none-any.whl

account/models/device.py

@@ -113,9 +113,20 @@ class MemberDeviceMetaData(rm.MetaDataBase):
 
 class CloudCredentials(models.Model, rm.RestModel, rm.MetaDataModel):
     """
-    MemberDevice Model tracks personal devices associated with a user.
-    This can include mobile and desktop devices.
+    CloudCredentials is a global setting for a group to store this groups cloud credentials.
     """
+    class RestMeta:
+        VIEW_PERMS = ["view_cm", "manage_cm"]
+        EDIT_PERMS = ["manage_cm"]
+        GRAPHS = {
+            "default": {
+                "extra": ["metadata"],
+                "graphs": {
+                    "group": "basic"
+                }
+            }
+        }
+
     created = models.DateTimeField(auto_now_add=True)
     modified = models.DateTimeField(auto_now=True)
     group = models.ForeignKey("account.Group", related_name="cloud_credentials", on_delete=models.CASCADE)

account/models/member.py

@@ -88,7 +88,8 @@ class Member(User, RestModel, MetaDataModel):
             ("perms", "properties|permissions.")]
         QUERY_FIELDS_SPECIAL = {
             "ip": "auth_sessions__ip",
-            "login_country": "auth_sessions__location__country"
+            "login_country": "auth_sessions__location__country",
+            "not_login_country": "auth_sessions__location__country__ne"
         }
         UNIQUE_LOOKUP = ["username", "email"]
         METADATA_FIELD_PROPERTIES = settings.USER_METADATA_PROPERTIES
@@ -221,6 +222,10 @@ class Member(User, RestModel, MetaDataModel):
             return token.secure_token
         return None
 
+    @property
+    def force_single_session(self):
+        return self.getProperty("force_single_session", category="permissions", default=None)
+
     @property
     def has_totp(self):
         token = self.getProperty("totp_token", category="secrets", default=None)
@@ -847,6 +852,8 @@ class Member(User, RestModel, MetaDataModel):
             if token is None:
                 token = AuthToken(member=self, role="default")
             token.generateToken()
+        elif action == "refresh_keys":
+            self.refreshSecurityToken()
 
     def set_full_name(self, value):
         self.set_name(value)

account/models/membership.py

@@ -82,13 +82,14 @@ class Membership(models.Model, RestModel, MetaDataModel):
         if value == "resend_invite":
             self.sendInvite(self.getActiveRequest())
 
-    def sendInvite(self, request=None, url=None, subject=None, site_logo=None, company_name=None):
+    def sendInvite(self, request=None, url=None, subject=None, site_logo=None, company_name=None, msg=None):
         if request:
             powered_by = request.DATA.get("powered_by", True)
             subject = request.DATA.get("invite_subject")
             url = request.DATA.get("invite_url")
             site_logo = request.DATA.get("site_logo", settings.SITE_LOGO)
             company_name = request.DATA.get("company_name", settings.COMPANY_NAME)
+            msg = request.DATA.get("invite_msg", None)
         else:
             powered_by = True
             site_logo = settings.SITE_LOGO
@@ -109,7 +110,7 @@ class Membership(models.Model, RestModel, MetaDataModel):
             url = "{}&auth_code={}".format(url, auth_token.toBase64())
         self.member.sendInvite(
             subject, self.group, url=url, 
-            msg=request.DATA.get("invite_msg", None), 
+            msg=msg, 
             POWERED_BY=powered_by,
             SITE_LOGO=site_logo,
             COMPANY_NAME=company_name,

account/models/session.py

@@ -8,7 +8,7 @@ from rest import ua
 # replacing legacy cookie session system with more robust session info
 class AuthSession(models.Model, RestModel):
     class RestMeta:
-        SEARCH_FIELDS = ["ip", "member__username", "browser", "location__city"]
+        SEARCH_FIELDS = ["ip", "member__username", "browser", "location__city", "buid"]
         VIEW_PERMS = ["view_members", "manage_members", "manage_users", "owner"]
         CAN_SAVE = False
         CAN_DELETE = False

account/rpc/auth.py

@@ -12,6 +12,7 @@ from django.http import HttpResponse
 from datetime import datetime, timedelta
 
 ALLOW_BASIC_LOGIN = settings.get("ALLOW_BASIC_LOGIN", False)
+FORGET_ALWAYS_TRUE = settings.get("FORGET_ALWAYS_TRUE", True)
 
 
 @rd.urlPOST(r'^login$')
@@ -301,14 +302,20 @@ def member_forgot_password(request):
     """
     member, resp = get_member_from_request(request)
     if member is None:
+        if FORGET_ALWAYS_TRUE:
+            return rv.restStatus(request, True, msg="Password reset instructions have been sent to your email. (If valid account)")
         return resp
     if resp is not None and not member.is_active:
+        if FORGET_ALWAYS_TRUE:
+            return rv.restStatus(request, True, msg="Password reset instructions have been sent to your email. (If valid account)")
         return resp
 
     if request.DATA.get("use_code", False):
         return member_forgot_password_code(request, member)
 
     if member.auth_code is not None and member.auth_code_expires > datetime.now():
+        if FORGET_ALWAYS_TRUE:
+            return rv.restStatus(request, True, msg="Password reset instructions have been sent to your email. (If valid account)")
         return rv.restPermissionDenied(request, "already sent valid auth code")
 
     member.auth_code = crypto.randomString(16)
@@ -325,7 +332,7 @@ def member_forgot_password(request):
         'to': [member.email],
     })
 
-    return rv.restStatus(request, True, msg="Password reset instructions have been sent to your email.")
+    return rv.restStatus(request, True, msg="Password reset instructions have been sent to your email. (If valid account)")
 
 
 def member_forgot_password_code(request, member):

account/rpc/device.py

@@ -5,6 +5,13 @@ from account import models as am
 from objict import objict
 
 
+@rd.url(r'^group/cloud/credentials$')
+@rd.url(r'^group/cloud/credentials/(?P<pk>\d+)$')
+@rd.login_required
+def rest_on_group_cloud_creds(request, pk=None):
+    return am.CloudCredentials.on_rest_request(request, pk)
+
+
 @rd.url(r'^member/device$')
 @rd.url(r'^member/device/(?P<pk>\d+)$')
 @rd.login_required

{django_restit-4.2.71.dist-info → django_restit-4.2.73.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: django-restit
-Version: 4.2.71
+Version: 4.2.73
 Summary: A Rest Framework for DJANGO
 License: MIT
 Author: Ian Starnes

{django_restit-4.2.71.dist-info → django_restit-4.2.73.dist-info}/RECORD

@@ -24,15 +24,15 @@ account/migrations/0019_group_location.py,sha256=EfMB_w4qWUGDqQeNc453PFZwpjpTeoA
 account/migrations/0020_cloudcredentials_cloudcredentialsmetadata.py,sha256=mHwxkyDfA4ueQOt34w5ndJB4XwNTDLv79CkKgzhlz-c,2250
 account/migrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 account/models/__init__.py,sha256=cV_lMnT2vL_mjiYtT4hlcIHo52ocFbGSNVkOIHHLXZY,385
-account/models/device.py,sha256=MVWZEYrX_4zJaqmJS_feFplfVXYyqBJ-0_Fm3B1SVg8,5226
+account/models/device.py,sha256=TloXvvrx3khF3BeGFuVYn6DhXjOW0AMZb4F9Fl5nBII,5491
 account/models/feeds.py,sha256=vI7fG4ASY1M0Zjke24RdnfDcuWeATl_yR_25jPmT64g,2011
 account/models/group.py,sha256=iDD_oSgswKV_t_gXZuVK80MvICrZZqdANm2jtGtOFy8,21985
 account/models/legacy.py,sha256=zYdtv4LC0ooxPVqWM-uToPwV-lYWQLorSE6p6yn1xDw,2720
-account/models/member.py,sha256=Pp4Np75L8TzVBC1N3g7Vnt5zy4cMBy7W0OG7mZ5Cfqg,50756
-account/models/membership.py,sha256=GJ6bSFLfU1CN9466k0XjSwn1sQIEwFeC8-oUYd2MrSs,9217
+account/models/member.py,sha256=yM1tB0eXH5FZ49KPb2MKlt22v8qFOwcQRbO2_KRt5gw,51053
+account/models/membership.py,sha256=90EpAhOsGaqphDAkONP6j_qQ0OWSRaQsI8H7E7fgMkE,9249
 account/models/notify.py,sha256=YnZujSHJHY7B09e6FIyZIEJRWLPYk1Sk1e92tFzB1IA,12078
 account/models/passkeys.py,sha256=TJxITUi4DT4_1tW2K7ZlOcRjJuMVl2NtKz7pKQU8-Tw,1516
-account/models/session.py,sha256=o3t98e8itXEtkknBHdBH_PSq9kuw1A858_wl6ZleXMM,3729
+account/models/session.py,sha256=ELkWjB_2KXQvPtRPrvuGJpJsqrxCQX_4J53SbqGz_2U,3737
 account/models/settings.py,sha256=gOyRWBVd3BQpjfj_hJPtqX3H46ztyRAFxBrPbv11lQg,2137
 account/oauth/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 account/oauth/google.py,sha256=q5M6Qhpfp9QslKRVYFZBvtG6kgXV6vYMrR5fp6Xdb9I,2078
@@ -40,8 +40,8 @@ account/passkeys/__init__.py,sha256=FwXYJXwSJXfkLojGBcVpF1dFpgFhzDdd9N_3naYQ0cc,
 account/passkeys/core.py,sha256=xj-vXjSrfWDvc5MYtEmXzwaMkNHl-cXrQKVrN9soRCg,4126
 account/periodic.py,sha256=-u0n-7QTJgDOkasGhBAPwHAwjpqWGA-MZLEFkVTqCGU,874
 account/rpc/__init__.py,sha256=SGF0M_-H0dKh3b1apSX29BotNWAvITYccGQVC0MIjL8,336
-account/rpc/auth.py,sha256=oTMXstslgQSXZmTA1Achqvpqyr5eEhHf9n7iumy_D-U,15882
-account/rpc/device.py,sha256=fbbZFp3cUdhVXvD7gVFOqFWj4hKS3bjZKD_aF5fQxd8,2852
+account/rpc/auth.py,sha256=vcsAUCj-iyZEZA2D20KL4h7w7aeN2qgwoD_eUs0nJpQ,16452
+account/rpc/device.py,sha256=mB14a6qvJIBnCa9ivLhPXwEt5Gk2foyqsKBtZxC506k,3070
 account/rpc/group.py,sha256=FD9GymgPY68y-gtDLsZxYVdwQJeLGpqcP4hjcDUh-GM,4022
 account/rpc/member.py,sha256=PU-Uz5KUI_BZFy-F-taDqAfnt_AwONYXSzUvfm7eyTw,1264
 account/rpc/notify.py,sha256=Q2YWejP36egeF060Hih5uX4Psv_B8NWlLLPi7iDYlIw,3344
@@ -110,7 +110,7 @@ incident/models/__init__.py,sha256=NMphuhb0RTMf7Ov4QkNv7iv6_I8Wtr3xQ54yjX_a31M,2
 incident/models/event.py,sha256=WRNzvjo0jypdnQNBksOOyi-_0kVT4qWUrDZf0Aw_MPM,7355
 incident/models/incident.py,sha256=Jx0RnOo70BzPX4BLMVF8jB5UOYwFPKPlxWznkTeMzOU,19332
 incident/models/ossec.py,sha256=p1ptr-8lnaj1EP_VmPR58b2LmaYBGaYYKAMqhWK5yZM,2227
-incident/models/rules.py,sha256=uT5GhW6Flso287lJGphAlWwL20NRnHDAZoGrWBBQfeE,6260
+incident/models/rules.py,sha256=SMlDRw_r3fGv-vmRojRLmsklqRRxDcjrSLVBIz-gadA,6884
 incident/models/ticket.py,sha256=S3kqGQpYLE6Y4M9IKu_60sgW-f592xNr8uufqHnvDoU,2302
 incident/parsers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 incident/parsers/ossec.py,sha256=Bc82n0AeXMBxMxzfAR-1puHyxldcikqeu5MeGRk1zMc,7142
@@ -351,7 +351,7 @@ metrics/providers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU
 metrics/providers/aws.py,sha256=RDM5RLeFADHexm4cHaJdAm3K6iz1NwMSNcV9GYuGtjY,7432
 metrics/rpc.py,sha256=L6gjRAK7MNzu9haG7Uw9ECWDCdYWknM_ft7kYr4H0ts,20412
 metrics/settings.py,sha256=wwHA9Z7BAHNeu3tFVn8Fh5j46KR-eGx0E8r5dzCFlAU,132
-metrics/tq.py,sha256=pl9RG4vXViX2hhSTOENZwXsAXD-5luXkBQjgzj4bwtk,799
+metrics/tq.py,sha256=WHBRYSinmTuxF9l-_-lx0yfzEYkb0ffVMt_uvCj9bYo,825
 metrics/utils.py,sha256=w6H2v8zjlOZ5uqZsJOQvZoN-2Kyv1h8PN76gMGow7AE,11995
 pushit/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pushit/admin.py,sha256=69HdDZU_Iz8Fm72M8r8FUztsZvW37zdGwVmj8VTqr0c,451
@@ -400,7 +400,7 @@ rest/middleware/request.py,sha256=JchRNy5L-bGd-7h-KFYekGRvREe2eCkZXKOYqIkP2hI,41
 rest/middleware/session.py,sha256=zHSoQpIzRLmpqr_JvW406wzpvU3W3gDbm5JhtzLAMlE,10240
 rest/middleware/session_store.py,sha256=1nSdeXK8PyuYgGgIufqrS6j6QpIrQ7zbMNT0ol75e6U,1901
 rest/models/__init__.py,sha256=M8pvFDq-WCF-QcM58X7pMufYYe0aaQ3U0PwGe9TKbbY,130
-rest/models/base.py,sha256=YHGP978FmcXIPiyrdZKVskVdEtsy84zF10LEfdErdp0,67771
+rest/models/base.py,sha256=MIZUQStR5Y2ndSjmOSu-NSIg3SZs9IFoMlRQ2re75OE,69565
 rest/models/cacher.py,sha256=eKz8TINVhWEqKhJGMsRkKZTtBUIv5rN3NHbZwOC56Uk,578
 rest/models/metadata.py,sha256=65GvfFbc26_7wJz8qEAzU7fEOZWVz0ttO5j5m_gs4hk,12860
 rest/net.py,sha256=LcB2QV6VNRtsSdmiQvYZgwQUDwOPMn_VBdRiZ6OpI-I,2974
@@ -501,7 +501,7 @@ ws4redis/servers/uwsgi.py,sha256=VyhoCI1DnVFqBiJYHoxqn5Idlf6uJPHvfBKgkjs34mo,172
 ws4redis/settings.py,sha256=K0yBiLUuY81iDM4Yr-k8hbvjn5VVHu5zQhmMK8Dtz0s,1536
 ws4redis/utf8validator.py,sha256=S0OlfjeGRP75aO6CzZsF4oTjRQAgR17OWE9rgZdMBZA,5122
 ws4redis/websocket.py,sha256=R0TUyPsoVRD7Y_oU7w2I6NL4fPwiz5Vl94-fUkZgLHA,14848
-django_restit-4.2.71.dist-info/LICENSE.md,sha256=VHN4hhEeVOoFjtG-5fVv4jesA4SWi0Z-KgOzzN6a1ps,1068
-django_restit-4.2.71.dist-info/METADATA,sha256=r7l9ZtyTLPW9I9XeXySkV-ElGFx6wgF92U2BIf4PbNw,7645
-django_restit-4.2.71.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-django_restit-4.2.71.dist-info/RECORD,,
+django_restit-4.2.73.dist-info/LICENSE.md,sha256=VHN4hhEeVOoFjtG-5fVv4jesA4SWi0Z-KgOzzN6a1ps,1068
+django_restit-4.2.73.dist-info/METADATA,sha256=On1RFDnzXlyZJmbbSLrg9QAPXMYm2vNuDmrX9OVCP8U,7645
+django_restit-4.2.73.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
+django_restit-4.2.73.dist-info/RECORD,,

incident/models/rules.py

@@ -26,6 +26,7 @@ added to to same incident.
 class Rule(models.Model, rm.RestModel):
     class RestMeta:
         SEARCH_FIELDS = ["name", "group__name"]
+        POST_SAVE_FIELDS = ["checks"]
         CAN_DELETE = True
         VIEW_PERMS = ["view_incidents"]
         # VIEW_PERMS = ["example_permission"]
@@ -50,6 +51,11 @@ class Rule(models.Model, rm.RestModel):
                     "bundle_by",
                     "match_by"
                 ]
+            },
+            "download": {
+                "graphs": {
+                    "checks": "basic"
+                }
             }
         }
 
@@ -102,6 +108,17 @@ class Rule(models.Model, rm.RestModel):
                 return True
         return False
 
+    def set_checks(self, value):
+        if not isinstance(value, list):
+            return
+        exclude = ["id", "pk", "created", "modified", "parent"]
+        for item in value:
+            nval = {key: item[key] for key in item if key not in exclude and RuleCheck.hasField(key)}
+            nval["parent"] = self.id
+            rh.debug(nval)
+            obj = RuleCheck.createFromDict(self.getActiveRequest(), nval)
+            rh.debug("created", obj)
+
 
 class RuleCheck(models.Model, rm.RestModel):
     class RestMeta:

metrics/tq.py

@@ -16,7 +16,7 @@ def checkDomains(task):
     alarm_date = now + timedelta(days=30)
     result = ssl_check.check(*settings.DOMAIN_WATCH)
     for key, value in result.items():
-        if value is None:
+        if value is None or isinstance(value, str):
             continue
         if value < alarm_date:
             task.log(f"{key} is expiring soon")

rest/models/base.py

@@ -394,6 +394,8 @@ class RestModel(object):
             return
         if not hasattr(self, "_field_names__"):
             self._field_names__ = [f.name for f in self._meta.get_fields()]
+        # if not hasattr(self, "_related_field_names__"):
+        #     self._related_field_names__ = self.get_related_name_fields()
         # print "saving field: {0} = {1}".format(fieldname, value)
         if fieldname in RestModel.__RestMeta__.NO_SAVE_FIELDS:
             return
@@ -479,8 +481,6 @@ class RestModel(object):
             if hasattr(self, fieldname) and getattr(self, fieldname) != value:
                 self._changed__[fieldname] = getattr(self, fieldname)
             setattr(self, fieldname, value)
-        # else:
-        #   print "does not have field: {0}".format(fieldname)
 
     def saveFromRequest(self, request, **kwargs):
         if "files" not in kwargs:
@@ -1064,6 +1064,10 @@ class RestModel(object):
         if hasattr(cls.RestMeta, "FORMATS"):
             fields = cls.RestMeta.FORMATS.get(format, fields)
         if len(fields) == 0:
+            if format == "json":
+                g = cls.getGraph("default")
+                if "fields" in g:
+                    return g["fields"]
             no_show_fields = RestModel.__RestMeta__.NO_SHOW_FIELDS
             if hasattr(cls.RestMeta, "NO_SHOW_FIELDS"):
                 no_show_fields = cls.RestMeta.NO_SHOW_FIELDS
@@ -1077,12 +1081,17 @@ class RestModel(object):
     def on_rest_list_format(cls, request, format, qset):
         if format in ["summary", "summary_only"]:
             return cls.on_rest_list_summary(request, qset)
-        fields = cls.getRestFormatFields(format)
+        fields = None
+        if format == "json":
+            g = cls.getGraph(request.DATA.get("graph", "download"))
+            if g and "fields" in g:
+                fields = g["fields"]
+        if fields is None:
+            fields = cls.getRestFormatFields(format)
         if fields or format == "json":
             name = request.DATA.get("format_filename", None)
             format_size = request.DATA.get("format_size", 10000)
             localize = request.DATA.get("localize", None, field_type=dict)
-            rh.debug("localize", localize)
             if name is None:
                 ext = format
                 if "_" in ext:
@@ -1157,6 +1166,14 @@ class RestModel(object):
                     output[lbl] = rh.getMax(act_qset, field)
         return GRAPH_HELPERS.restGet(request, output)
 
+    @classmethod
+    def getRestBatchCreateFilter(cls, item, exclude=["id", "pk", "created", "modified"], include=None):
+        if isinstance(include, list):
+            return {key: item[key] for key in include if key in item}
+        # ignore related fields
+        rfs = cls.get_related_name_fields()
+        return {key: item[key] for key in item if key not in exclude and cls.hasField(key) and key not in rfs}
+
     @classmethod
     def on_rest_batch(cls, request, action):
         # this method is called when rest_batch='somme action'
@@ -1185,19 +1202,38 @@ class RestModel(object):
             count = qset.update(**update_fields)
             return GRAPH_HELPERS.restStatus(request, True, error="updated {} items".format(count))
         elif action == "create":
-            batch_data = request.DATA.getlist("batch_data", [])
-            items = []
-            for item in batch_data:
-                try:
-                    obj = cls.ro_objects().filter(**item).last()
-                    if not obj:
-                        obj.checkPermsAndSave(request, item)
-                    items.append(obj)
-                except Exception:
-                    pass
-            return GRAPH_HELPERS.restList(request, items)
+            cls.on_rest_batch_create(request)
         return GRAPH_HELPERS.restStatus(request, False, error="not implemented")
 
+    @classmethod
+    def on_rest_batch_create(cls, request):
+        batch_data = request.DATA.get("batch_data")
+        if isinstance(batch_data, str):
+            batch_data = objict.fromJSON(batch_data)
+        if isinstance(batch_data, dict):
+            if "data" in batch_data:
+                batch_data = batch_data["data"]
+        items = []
+        for item in batch_data:
+            obj = cls.createFromBatch(item)
+            if obj:
+                items.append(obj)
+        return GRAPH_HELPERS.restList(request, items)
+
+    @classmethod
+    def createFromBatch(cls, item, request=None):
+        obj = None
+        try:
+            rh.debug("batch item", item)
+            item_filter = cls.getRestBatchCreateFilter(item)
+            rh.debug("batch filters", item_filter)
+            obj = cls.ro_objects().filter(**item_filter).last()
+            if obj is None:
+                obj = cls.createFromDict(request, item)
+        except Exception:
+            rh.log_exception(item)
+        return obj
+
     @classmethod
     def on_rest_create(cls, request, pk=None):
         # permissions are checked in the save routine
@@ -1487,7 +1523,7 @@ class RestModel(object):
                 qset = qset.filter(**q)
         return qset
 
-    ALLOWED_QUERY_OPERATORS = ["gt", "gte", "lt", "lte", "contains", "icontains", "in", "startswith", "endswith"]
+    ALLOWED_QUERY_OPERATORS = ["isnull", "gt", "gte", "lt", "lte", "contains", "icontains", "in", "startswith", "endswith"]
 
     @classmethod
     def queryFromRequest(cls, request, qset):
@@ -1526,6 +1562,7 @@ class RestModel(object):
             <field_name>=<operator>:value
         """
         q = {}
+        exq = {}
         field_names = cls.rest_getQueryFields()
         query_keys = request.DATA.keys()
         special_keys = getattr(cls.RestMeta, "QUERY_FIELDS_SPECIAL", {})
@@ -1597,6 +1634,8 @@ class RestModel(object):
             if oper == "in":
                 if isinstance(value, str) and ',' in value:
                     value = [a.strip() for a in value.split(',')]
+            elif oper == "isnull":
+                value = value in [True, "true", 1, "1"]
             elif oper is None and value in ["null", "None"]:
                 key = "{}__isnull".format(key)
                 value = True
@@ -1607,8 +1646,12 @@ class RestModel(object):
                 value = rh.toInteger(value)
             q[key] = value
         if bool(q):
-            # rh.debug("queryFromRequest", q, "default_filters:", request.default_rest_filters)
-            qset = qset.filter(**q)
+            exq = {key[:-4]: q[key] for key in q if key.endswith("__ne")}
+            q = {key: q[key] for key in q if not key.endswith("__ne")}
+            if bool(exq):
+                qset = qset.exclude(**exq)
+            if bool(q):
+                qset = qset.filter(**q)
         return qset
 
     @classmethod
@@ -1671,6 +1714,10 @@ class RestModel(object):
         '''returns the internal field type'''
         return [field.name for field in cls._meta.fields if field.get_internal_type() == "ForeignKey"]
 
+    @classmethod
+    def get_related_name_fields(cls):
+        return [f.related_name for f in cls._meta.related_objects]
+
     @classmethod
     def get_fk_model(cls, fieldname):
         '''returns None if not foreignkey, otherswise the relevant model'''